Commit 50cb7f74 authored by Jens Nolte's avatar Jens Nolte

Move installation helpers to installation.nix

parent 1ca7c6ae
...@@ -33,6 +33,7 @@ hostname="$2" ...@@ -33,6 +33,7 @@ hostname="$2"
nixos_system_file=$MACHINES_PATH/nixos.nix nixos_system_file=$MACHINES_PATH/nixos.nix
installation_tools=$DOTFILES_PATH/bin/lib/installation.nix
# This script cannot run without the nixos configuration entry point # This script cannot run without the nixos configuration entry point
if [[ ! -f "$nixos_system_file" ]] if [[ ! -f "$nixos_system_file" ]]
...@@ -46,7 +47,7 @@ local_temp_dir=$(mktemp --tmpdir --directory install-via.XXXXXXXXXX) ...@@ -46,7 +47,7 @@ local_temp_dir=$(mktemp --tmpdir --directory install-via.XXXXXXXXXX)
trap "rm -rf $local_temp_dir" EXIT INT HUP TERM trap "rm -rf $local_temp_dir" EXIT INT HUP TERM
# Pre-build installation helper # Pre-build installation helper
nix build --file $DOTFILES_PATH/bin/lib/format.nix --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --out-link "$local_temp_dir/format_$hostname" nix build --file $installation_tools format --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --out-link "$local_temp_dir/format_$hostname"
if ! ssh -o VisualHostKey=yes root@$via_host true if ! ssh -o VisualHostKey=yes root@$via_host true
then then
...@@ -60,23 +61,15 @@ then ...@@ -60,23 +61,15 @@ then
exit 1 exit 1
fi fi
# Generate config file
local_config_file=$local_temp_dir/config local_config_file=$local_temp_dir/config
nix run --file $installation_tools configure --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --command "configure_$hostname" > $local_config_file
# Prepare config # Copy 'format' binary to target host
#luks_key=$(pass hosts/$hostname/luks) nix copy --file $installation_tools format --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --to ssh://root@$via_host
luks_key=""
> $local_config_file <<EOF
{
"blockDevice": null,
"luksKey": "$luks_key"
}
EOF
luks_key=""
nix copy --file $DOTFILES_PATH/bin/lib/format.nix --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --to ssh://root@$via_host
remote_temp_dir=$(ssh root@$via_host mktemp --tmpdir --directory install-via.XXXXXXXXXX) remote_temp_dir=$(ssh root@$via_host mktemp --tmpdir --directory install-via.XXXXXXXXXX)
# copy install-helper and config # Copy install-helper and config
scp -r $local_temp_dir/* root@$via_host:$remote_temp_dir/ scp -r $local_temp_dir/* root@$via_host:$remote_temp_dir/
scp $DOTFILES_PATH/bin/message root@$via_host:$remote_temp_dir/ scp $DOTFILES_PATH/bin/message root@$via_host:$remote_temp_dir/
...@@ -86,7 +79,6 @@ ssh root@$via_host "$remote_temp_dir/message" & ...@@ -86,7 +79,6 @@ ssh root@$via_host "$remote_temp_dir/message" &
ssh -t root@$via_host "$remote_temp_dir/format_$hostname/bin/format_$hostname" "$remote_temp_dir/config" "$remote_temp_dir/output.json" ssh -t root@$via_host "$remote_temp_dir/format_$hostname/bin/format_$hostname" "$remote_temp_dir/config" "$remote_temp_dir/output.json"
scp "root@$via_host:$remote_temp_dir/output.json" "$MACHINES_PATH/machines/$hostname/install-result.json" scp "root@$via_host:$remote_temp_dir/output.json" "$MACHINES_PATH/machines/$hostname/install-result.json"
# TODO: ensure the working directory is set correctly
print_info "Gathering hardware information..." print_info "Gathering hardware information..."
scp root@$via_host:/mnt/etc/nixos/hardware-configuration.nix "$MACHINES_PATH/machines/$hostname/" scp root@$via_host:/mnt/etc/nixos/hardware-configuration.nix "$MACHINES_PATH/machines/$hostname/"
...@@ -97,7 +89,6 @@ print_info "Deploying target system configuration..." ...@@ -97,7 +89,6 @@ print_info "Deploying target system configuration..."
nix copy --file "$nixos_system_file" --argstr hostname "$hostname" --to ssh://root@$via_host nix copy --file "$nixos_system_file" --argstr hostname "$hostname" --to ssh://root@$via_host
nixos_config_path=$(realpath "$local_temp_dir/nixos-config-$hostname") nixos_config_path=$(realpath "$local_temp_dir/nixos-config-$hostname")
# TODO: merge commands
ssh root@$via_host "nixos-install --system $nixos_config_path && sync" ssh root@$via_host "nixos-install --system $nixos_config_path && sync"
ssh root@$via_host mkdir --mode u=rwx,g=,o= --parents /mnt/secrets/passwords ssh root@$via_host mkdir --mode u=rwx,g=,o= --parents /mnt/secrets/passwords
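Review bot: The config written by `nix run --file $installation_tools configure ... > $local_config_file` now carries the real LUKS passphrase (the removed code always wrote an empty `luksKey`), and the later `scp -r $local_temp_dir/*` copies it to the via host, yet no removal of `$remote_temp_dir` is visible in these hunks. The local copy is covered by the existing `trap`, but the remote one appears to outlive the install unless it is cleaned up in lines not shown. Consider deleting it once `format_$hostname` has finished, e.g. `ssh root@$via_host rm -f -- "$remote_temp_dir/config"`. The redirect target should also be quoted as `> "$local_config_file"`, matching the quoting already used for `"$nixos_system_file"`.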
......
...@@ -34,6 +34,23 @@ in ...@@ -34,6 +34,23 @@ in
assert (typeOf luks) == "bool"; assert (typeOf luks) == "bool";
assert (typeOf swap) == "string"; assert (typeOf swap) == "string";
{ {
configure = writeScriptBin "configure_${hostname}" ''
#!${zsh-bin}
set -e
set -u
set -o pipefail
# Generate config
<<EOF
{
"blockDevice": null
${if luks then ''
,"luksKey": "$(pass hosts/$hostname/luks)"
'' else ""}
}
EOF
luks_key=""
'';
format = writeScriptBin "format_${hostname}" '' format = writeScriptBin "format_${hostname}" ''
#!${zsh-bin} #!${zsh-bin}
set -e set -e
...@@ -78,12 +95,6 @@ assert (typeOf swap) == "string"; ...@@ -78,12 +95,6 @@ assert (typeOf swap) == "string";
block_device=$(${lsblk-bin} --nodeps --output PATH,NAME,SIZE,TYPE,MODEL,VENDOR | ${fzf-bin} --layout=reverse --header-lines=1 --nth=1 | awk '{print $1;}') block_device=$(${lsblk-bin} --nodeps --output PATH,NAME,SIZE,TYPE,MODEL,VENDOR | ${fzf-bin} --layout=reverse --header-lines=1 --nth=1 | awk '{print $1;}')
fi fi
${if luks then ''
luks_keyfile=$temp_dir/luksKey
luks_key=$(${jq-bin} -e --raw-output .luksKey $config_file)
print -n "$luks_key" > $luks_keyfile
'' else "" }
if [ ! -b "$block_device" ] if [ ! -b "$block_device" ]
then then
print_info "error: $block_device is not a block device." print_info "error: $block_device is not a block device."
...@@ -171,6 +182,10 @@ assert (typeOf swap) == "string"; ...@@ -171,6 +182,10 @@ assert (typeOf swap) == "string";
${mkfs-fat-bin} -F32 -n ESP "$esp_partition" ${mkfs-fat-bin} -F32 -n ESP "$esp_partition"
${if luks then '' ${if luks then ''
luks_keyfile=$temp_dir/luksKey
luks_key=$(${jq-bin} -e --raw-output .luksKey $config_file)
print -n "$luks_key" > $luks_keyfile
${cryptsetup-bin} --batch-mode --key-file $luks_keyfile luksFormat --type luks2 $luks_partition ${cryptsetup-bin} --batch-mode --key-file $luks_keyfile luksFormat --type luks2 $luks_partition
luks_partition_uuid=$(${blkid-bin} --match-tag UUID --output value $luks_partition) luks_partition_uuid=$(${blkid-bin} --match-tag UUID --output value $luks_partition)
...@@ -212,13 +227,13 @@ assert (typeOf swap) == "string"; ...@@ -212,13 +227,13 @@ assert (typeOf swap) == "string";
mount_point=/mnt mount_point=/mnt
# Create subvolumes # Create subvolumes
${mount-bin} -o noatime,compress=zstd:1 $root_partition $mount_point ${mount-bin} -o noatime,compress=zstd $root_partition $mount_point
${btrfs-bin} subvolume create $mount_point/${hostname} ${btrfs-bin} subvolume create $mount_point/${hostname}
${btrfs-bin} subvolume create $mount_point/${hostname}/nix ${btrfs-bin} subvolume create $mount_point/${hostname}/nix
${umount-bin} $mount_point ${umount-bin} $mount_point
# Remount # Remount
${mount-bin} -o subvol=/${hostname},noatime,compress=zstd:1 $root_partition $mount_point ${mount-bin} -o subvol=/${hostname},noatime,compress=zstd $root_partition $mount_point
mkdir -p $mount_point/boot mkdir -p $mount_point/boot
${mount-bin} -o noatime $esp_partition $mount_point/boot ${mount-bin} -o noatime $esp_partition $mount_point/boot
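Review bot: In the new `configure` script, `$(pass hosts/$hostname/luks)` reads the shell variable `$hostname` rather than the Nix argument `${hostname}` used for the script name. Nothing in the visible script sets it, so unless the caller exports it the lookup fails or hits the wrong entry. Because the substitution sits inside the heredoc, a failing `pass` does not trip `set -e` and the script still emits `"luksKey": ""`; `jq -e` in `format` would accept that (an empty string is neither null nor false) and `luksFormat` would then run with an empty key. Read the secret first so a failure aborts, `luks_key=$(pass hosts/${hostname}/luks)`, and let jq do the quoting with `${jq-bin} -n --arg k "$luks_key" '{blockDevice: null, luksKey: $k}'`, since a passphrase containing `"` or `\` breaks the hand-built JSON. As written, the trailing `luks_key=""` clears a variable that was never assigned.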
......